------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2011-9523 2011-07-22 19:05:05 ------------------------------------------------------------------------------- -
Name : java-1.6.0-openjdk Product : Fedora 14 Version : 1.6.0.0 Release : 54.1.9.9.fc14 URL : http://icedtea.classpath.org/ Summary : OpenJDK Runtime Environment Description : The OpenJDK runtime environment.
------------------------------------------------------------------------------- - Update Information:
- PR744: icedtea6-1.10.2 : patching error - PR748: Icedtea6 fails to build with Linux 3.0. - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications
------------------------------------------------------------------------------- - ChangeLog:
* Wed Jul 20 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.01:1.6.0.0-54.1.9.8 - PR744: icedtea6-1.10.2 : patching error - PR748: Icedtea6 fails to build with Linux 3.0. - RH718164, CVE-2011-2513: Home directory path disclosure to untrusted applications * Fri Jun 10 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-53.1.9.8 - added requires: fontconfig - resolves: rhbz#708201 * Mon Jun 6 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-53.1.9.8 - Resolves: rhbz#709375 - Bumped to IcedTea6 1.9.8 - RH706250, S6213702, CVE-2011-0872: (so) non-blocking sockets with TCP urgent disabled get still selected for read ops (win) - RH706106, S6618658, CVE-2011-0865: Vulnerability in deserialization - RH706111, S7012520, CVE-2011-0815: Heap overflow vulnerability in FileDialog.show() (win) - RH706139, S7013519, CVE-2011-0822, CVE-2011-0862: Integer overflows in 2D code - RH706153, S7013969, CVE-2011-0867: NetworkInterface.toString can reveal bindings - RH706234, S7013971, CVE-2011-0869: Vulnerability in SAAJ - RH706239, S7016340, CVE-2011-0870: Vulnerability in SAAJ - RH706241, S7016495, CVE-2011-0868: Crash in Java 2D transforming an image with scale close to zero - RH706248, S7020198, CVE-2011-0871: ImageIcon creates Component with null acc - RH706245, S7020373, CVE-2011-0864: JSR rewriting can overflow memory address size variables * Tue Feb 15 2011 Deepak Bhole <dbhole@redhat.com> 1:1.6.0.0-52.1.9.7 - Updated to IcedTea6 1.9.8 - Enabled bootstrap - Security updates: S6378709, CVE-2010-4465: AWT event dispatch does not support framework code S6854912, CVE-2010-4465: Security issue with the clipboard access in Applets S6878713, CVE-2010-4469: Verifier heap corruption, relating to backward jsrs S6907662, CVE-2010-4465: System clipboard should ensure access restrictions S6927050, CVE-2010-4470: Features set on SchemaFactory not inherited by Validator S6981922, CVE-2010-4448: DNS cache poisoning by untrusted applets S6983554, CVE-2010-4450: (launcher) Fix empty user's LD_LIBRARY_PATH environment variable in the launcher S6985453, CVE-2010-4471: Font.createFont may expose some system properties in exception text S6994263, CVE-2010-4472: Untrusted code can replace JRE's XML DSig Transform or C14N algorithm implementations RH677332, CVE-2011-0706: IcedTea multiple signers privilege escalation * Wed Feb 9 2011 Jiri Vanek <jvanek@redhat.com> 1:1.6.0.0-52.1.9.6 - updated to icedtea 1.9.6 - Security updates - S4421494, CVE-2010-4476: infinite loop while parsing double literal. * Fri Jan 28 2011 Jiri Vanek <jvanek@redhat.com> 1:1.6.0.0-51.1.9.5 - updated to icedtea 1.9.5 - Resolves: rhbz#672262 - Security updates - RH672262, CVE-2011-0025: IcedTea jarfile signature verification bypass - Backports - S6687968: PNGImageReader leaks native memory through an Inflater - S6541476, RH665355: PNG imageio plugin incorrectly handles iTXt chunk - S6782079: PNG: reading metadata may cause OOM on truncated images - Fixes - RH647157, RH582455: Update fontconfig files for rhel 6 - PR619: Improper finalization by the plugin can crash the browser * Wed Jan 5 2011 Jiri Vanek <jvanek@redhat.com> - 1:1.6.0.0-50.1.9.4 - Updated to IcedTea 1.9.4 * Wed Dec 1 2010 Deepak Bhole <dbhole@redhat.com> - 1:1.6.0.0-49.1.9.3 - Updated to IcedTea 1.9.3 - Re-enable Compressed Oops by default as upstream bug# 7002666 is fixed * Tue Nov 30 2010 Deepak Bhole <dbhole@redhat.com> - 1:1.6.0.0-49.1.9.2 - Update to IcedTea 1.9.2 - Resolves: rhbz# 645843 - Resolves: rhbz# 647737 - Resolves: rhbz# 643674 - Remove patch that disabled Compressed Oops. It is now the default upstream. * Mon Nov 29 2010 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-48.1.9.1 - Resolves: rhbz#657491 - Removed Asian and Indic font dependencies. * Mon Nov 22 2010 Jiri Vanek <jvanek@redhat.com> -1:1.6.0-47.1.9.1 - added fonts dependencies * Mon Nov 8 2010 Deepak Bhole <dbhole@redhat.com> - 1:1.6.0.0-46.1.9.1 - Temporarily resolve rhbz#647737: - Put hs19 back, but disable Compressed Oops * Mon Nov 8 2010 Deepak Bhole <dbhole@redhat.com> - 1:1.6.0.0-45.1.9.1 - Temporarily resolve rhbz#647737: - Build with default hotspot (hs17) - From Jiri Vanek (jvanek@redhat.com): -Fixing rhbz#648499 - BuildRequires: redhat-lsb ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #718164 - CVE-2011-2513 icedtea, icedtea-web: home directory path disclosure to untrusted applications https://bugzilla.redhat.com/show_bug.cgi?id=718164 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update java-1.6.0-openjdk' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|